Score:1

ACL permissions not syncing with LDAP

cn flag

Have a MacStudio running system 13.3.1 set up as a file server. It is bound to an Open Directory server. Using TinkerTool as a GUI to set/update permissions of the shared files/folders.

Everything works fine (as long as a monitor is connected) except when updating directory groups.

When I add a new user to a group that has permission to a shared folder, that new user is not allowed access. I check Directory Utility on the Studio, and the new user is in the group.

I check effective permissions with TinkerTool and everyone else in the group has the proper permissions, but the new user is denied. Also verified by logging in as the users. The directory group is assigned as an ACL on the folder.

Here is how the permissions are set on the folder being shared:

drwx------+ 13 xxxxxxxx staff 442 Apr 21 07:55 Samples

0: group:executive allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,limit_inherit

1: group:samples allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,limit_inherit

2: user:xxxxxxx allow list,search,limit_inherit

The new user is part of the group "samples" verified with Directory Utility.

A restart I believe will fix this, but it shouldn’t be necessary and restarting a live server while everyone is using it is no good. It appears something isn’t being updated, or a cache isn’t being cleared.

Anyone have any ideas?

New information: If it is left over night it fixes itself. Having to wait 24hrs for permissions to set isn't ideal.

I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.